I remember by using the acronym: UGLIER..
Users go in Globals... Globals go in Locals... Locals are assigned to Resources... Paul G. From: helpdesk UK [mailto:[email protected]] Sent: 27 June 2011 22:18 To: NT System Admin Issues Subject: Re: Single Forest multiple Child domains so I read up once on this going back in NT days.. AGLP Create a user Add the user to a Global Group Add the global group to Local Group Assign permissions Now in win2k8 days we add the mix of UG... so add local group in child1.xyz.com to UG child1.xyz.com and than add the UG child1.xyz.com to a local group in child2.xyz.com and than assign permissions !!! correct ? cheers Joss On 27 June 2011 21:22, Michael B. Smith <[email protected]> wrote: That's where your UG and domain local groups come into play. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: helpdesk UK [mailto:[email protected]] Sent: Monday, June 27, 2011 4:21 PM To: NT System Admin Issues Subject: Re: Single Forest multiple Child domains So reading everyone comments I can take this back to our manager clearly and leave the decision in his hands. There is one other thing which I know has not been asked but they will start requesting this sooner rather than later. Can we access files in the the remote office as well please ? So to give access to [email protected] in domain child2.xyz.com Any best practises around that ? Thanks for all your value added comments. cheers Joss On 27 June 2011 20:49, Christopher Bodnar <[email protected]> wrote: I think the only way to do this, without re-training users, would be to to write a custom credential provider (similar to the custom GINA's that were written for previous verions of Windows). Here is a good discussion on this topic: http://msdn.microsoft.com/en-us/magazine/cc163489.aspx#S5 My thoughts are that this would be very expensive to develop and implement. Much more so than the cost of retraining users. YMMV Chris ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
